Cisco has announced changes to the current CCNA Security exam. With this announcement Cisco has made sure to include many newer technologies that are widely deployed in today's enterprise networks. The great thing about CCNA Security version 3 is the addition of Cloud Web Security, Cloud and Virtualization. This shows how these technologies are going to dominate in the coming days.

With the addition of Cisco FirePOWER and FireSIGHT services it was anticipated that Cisco would come out with a revision of CCNA Security. I hope Cisco will soon make a major revamp of the CCIE Security exams.

After completing my CCIE R&S I was wondering what to do next. I thought of continuing the journey with one more CCIE, but was not convinced about having multiple CCIEs, and was still thinking about what my next move should be.

I started focusing on other vendors, technologies and certifications, was quite happy and satisfied with the progress, and plan to continue the same. CCDE is one such track that has always grabbed my attention, as it is a completely vendor-neutral certification. Now I am thinking of starting my CCDE journey, and I have already started my planning with the same powerful questions I asked myself before starting my CCIE journey.

When someone wants to start a new journey, they need to plan the path and the road to success. While doing so I discovered that the Cisco Learning Network has everything one can imagine to start the CCDE journey. I would recommend that those who are planning for the CCDE written exam have a look at the CLN CCDE page. It is quite impressive, as one can measure where one stands in terms of understanding the concepts, what one's strong points are, and which key technologies or concepts need more attention.

It is a one-stop pit stop for all CCDE aspirants, as in the Streamlined CCDE Written Preparation resources one can not only see which books to refer to, but also find links to Cisco Validated Designs, YouTube videos and Cisco Live videos. The credit goes to the early CCDEs and program managers like

Palo Alto Networks firewalls offer a configuration-audit feature with which one can compare any two configuration files and see the differences. After comparing the two files, the firewall highlights the differences using a color-coding scheme. The following color codes are used to highlight the changes between any two configuration files.

Yellow: Indicates a change

As you can see from the snapshot below, when the Palo Alto Networks firewall was started it did not have any IP address assigned to interface Ethernet 1/1.

After adding an IP address, the audit result shows this addition in yellow.

Green: Indicates an addition

The snapshot below shows that Ethernet 1/1 was added to the virtual router, and this is reflected in green.

Red: Indicates a deletion

The snapshot below clearly shows that the virtual router was deleted, and it has been highlighted in red.

This innovative, graphical way of comparing different versions of the configuration proves to be a very handy tool for troubleshooting. These kinds of small features make the Palo Alto Networks firewall truly next generation. Palo Alto has come out with some unique features that differentiate it from the rest of the players.

When it comes to designing a network or upgrading an existing network with a new design, most of us think from a technical perspective: what kind of hardware we need, which routing protocols we need to use, what type of links are needed, etc. This is especially true for those who are deeply involved in technical tasks. Instead we need to focus more on the characteristics of the network: what the motive or goals of the network design are, and how the network transports traffic to its destination so that it serves the business needs.

The network we are designing should have the following characteristics:

Reliable and resilient

Manageable

Scalable

These are the three golden rules one should consider while designing a network.

It is a known fact that there are very limited resources available for preparing for the Palo Alto Networks Certified Network Security Engineer (PCNSE6) exam. One has to rely completely on Palo Alto resources, as you are not going to find any Palo Alto press books on the market (there is no Palo Alto Press) or any third-party books or study material.

Things become quite challenging for those who are neither Palo Alto customers nor partners, as they cannot register on the Palo Alto Networks Education site to take some of the free training or attempt the Palo Alto ACE exam. I think Palo Alto Networks should rethink this policy.

I took both of these trainings and benefited by enhancing my knowledge of Palo Alto Networks firewalls. I really liked the way the course was conducted by Domagaj Tos; he presented the course in a very easy format, and his notes and drawings were quite useful for understanding the concepts.

Recently I took the Palo Alto Networks Certified Network Security Engineer (PCNSE6) exam and by the grace of the Almighty I passed. The PCNSE6 happens to be one of the toughest exams I have taken. It is not an easy exam to pass, especially because one should not only have a deep understanding of Palo Alto technologies but also good hands-on experience with Palo Alto security products like Palo Alto Networks next-generation firewalls and Panorama.

Whenever someone creates a new policy or changes the configuration settings of an existing security policy, or any other parameters like a zone or virtual router, in the Palo Alto firewall and clicks OK as shown below, the candidate configuration is either created or updated. This type of configuration, which has been saved but not yet applied, is known as the candidate configuration.

When the Commit button at the top right corner of the Palo Alto firewall's web UI is clicked, the candidate configuration is applied to the firewall, and the applied configuration is called the running configuration.

The candidate configuration can also be applied to the running configuration with the commit CLI command in configuration mode.
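The configuration-audit colour scheme described above and the candidate-versus-running distinction in this post are two views of the same operation: a diff between two configuration snapshots. The following Python script is an added example, not a feature or code from Palo Alto Networks, that re-creates the audit offline. Both snapshots are constructed for the example in the style of PAN-OS "set" commands, and the rule used to tell a change (yellow) from a deletion (red) plus an addition (green) is a heuristic of this script, not the firewall's documented algorithm.

```python
"""Added example: an offline re-creation of the configuration audit.

Both snapshots below are constructed for this example in the style of
PAN-OS "set" commands; they are not taken from any real firewall.
"""
from collections import defaultdict

# The three verdicts mirror the firewall's colour scheme.
YELLOW, GREEN, RED = "change", "addition", "deletion"

# Constructed snapshot playing the role of the running configuration.
RUNNING_CONFIG = """
set deviceconfig system hostname PA-LAB
set network interface ethernet ethernet1/1 layer3 mtu 1500
set network interface ethernet ethernet1/2 layer3 ip 198.51.100.1/24
set network virtual-router default interface ethernet1/2
set network virtual-router lab-vr interface ethernet1/3
"""

# Constructed snapshot playing the role of the candidate configuration:
# ethernet1/1 gets an IP and joins the default virtual router, the IP of
# ethernet1/2 is changed, and virtual router lab-vr is removed.
CANDIDATE_CONFIG = """
set deviceconfig system hostname PA-LAB
set network interface ethernet ethernet1/1 layer3 mtu 1500
set network interface ethernet ethernet1/1 layer3 ip 192.0.2.1/24
set network interface ethernet ethernet1/2 layer3 ip 198.51.100.2/24
set network virtual-router default interface ethernet1/2
set network virtual-router default interface ethernet1/1
"""


def parse_set_config(text):
    """Map each configuration path (every token except the last) to the set
    of leaf values found under it. A path may carry several values, e.g. a
    virtual router with more than one interface."""
    tree = defaultdict(set)
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "set":
            tokens = tokens[1:]
        if len(tokens) < 2:
            continue
        tree[" ".join(tokens[:-1])].add(tokens[-1])
    return tree


def audit_configs(old_text, new_text):
    """Compare two snapshots and return (verdict, path, old_value, new_value)
    tuples. Heuristic: one value removed and one added under the same path
    is reported as a change (yellow); anything else is a plain deletion
    (red) or addition (green)."""
    old, new = parse_set_config(old_text), parse_set_config(new_text)
    findings = []
    for path in sorted(set(old) | set(new)):
        removed = old.get(path, set()) - new.get(path, set())
        added = new.get(path, set()) - old.get(path, set())
        if len(removed) == 1 and len(added) == 1:
            findings.append((YELLOW, path, next(iter(removed)), next(iter(added))))
            continue
        findings.extend((RED, path, value, None) for value in sorted(removed))
        findings.extend((GREEN, path, None, value) for value in sorted(added))
    return findings


def has_uncommitted_changes(running_text, candidate_text):
    """True when the candidate differs from the running configuration, i.e.
    when a commit would actually change the firewall's behaviour."""
    return bool(audit_configs(running_text, candidate_text))


def format_findings(findings):
    """Render findings as text lines tagged with the matching colour."""
    lines = []
    for verdict, path, old_value, new_value in findings:
        if verdict == YELLOW:
            lines.append(f"[YELLOW] {path}: {old_value} -> {new_value}")
        elif verdict == RED:
            lines.append(f"[RED] {path}: {old_value}")
        else:
            lines.append(f"[GREEN] {path}: {new_value}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_findings(audit_configs(RUNNING_CONFIG, CANDIDATE_CONFIG))))
```

Run against the two constructed snapshots, the script reports the new IP on ethernet1/1 and the new virtual-router member in green, the altered IP on ethernet1/2 in yellow, and the removed virtual router lab-vr in red, which is the same picture the firewall's audit page paints. Diffing the running configuration against itself yields no findings, which is how `has_uncommitted_changes` tells a pending commit from a no-op.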

Palo Alto firewalls come with a built-in out-of-band management interface, labeled MGT, and a serial console cable.

One can access the Palo Alto firewall by connecting a laptop with an IP address in the 192.168.1.0/24 subnet to the management interface and browsing to https://192.168.1.1. The default username is admin and the default password is also admin.

Palo Alto firewalls have a dedicated management interface that can be used only for managing the firewall. One can enable firewall management on the other, traffic-forwarding interfaces as well, but the management interface itself cannot be used to forward normal traffic. By default HTTP, Telnet and SNMP are disabled on the MGT interface of the firewall.

With the dominance of virtualized environments like VMware, KVM, Citrix SDX and Amazon AWS, securing east-west traffic has become a challenge. Like many other security vendors, Palo Alto offers various virtual platforms to protect the virtualized data center and its east-west traffic.

The interesting fact I see here is the support for VMware NSX™, which certainly makes the SDN platform more secure and flexible.

The Palo Alto VM-Series is no different from the physical firewalls in many aspects, such as next-generation firewall and advanced threat prevention features; however, the VM-Series does not support virtual systems.

The Palo Alto VM-Series supports automation features like VM monitoring, dynamic address groups and a REST-based API. These features allow you to proactively monitor VM changes and dynamically feed that context into security policies, thereby eliminating the policy lag that may occur when your VMs change.
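The point of the paragraph above is that a policy rule which references a dynamic address group by tag criteria never has to be edited when a VM appears, moves to a new IP or is retagged; the group's membership follows the VM-monitoring feed. The Python model below is an added example, not Palo Alto's implementation or API: the VM inventory, tag names, group names and the rule are all constructed, and the match criteria are simplified to "every listed tag must be present" (PAN-OS match expressions also allow "or"). `apply_vm_event` stands in for whatever VM-monitoring delivers on the real platform.

```python
"""Added example: a model of how dynamic address groups remove policy lag.

The VM inventory, tags, groups and rule are constructed for this example;
matching is simplified to "all listed tags must be present".
"""
from dataclasses import dataclass, field


@dataclass
class VirtualMachine:
    name: str
    ip: str
    tags: frozenset = field(default_factory=frozenset)


# Constructed inventory as a VM-monitoring feed might report it.
INVENTORY = [
    VirtualMachine("web-01", "10.10.1.11", frozenset({"role:web", "env:prod"})),
    VirtualMachine("web-02", "10.10.1.12", frozenset({"role:web", "env:prod"})),
    VirtualMachine("db-01", "10.10.2.21", frozenset({"role:db", "env:prod"})),
    VirtualMachine("web-dev", "10.20.1.11", frozenset({"role:web", "env:dev"})),
]

# Dynamic address groups referenced by policy: tag criteria, never IPs.
GROUPS = {
    "dag-prod-web": frozenset({"role:web", "env:prod"}),
    "dag-prod-db": frozenset({"role:db", "env:prod"}),
}

# A rule refers to group names, so its text never changes when VMs do.
POLICY = [
    {"name": "web-to-db", "source": "dag-prod-web",
     "destination": "dag-prod-db", "action": "allow"},
]


def resolve_members(inventory, required_tags):
    """Return the sorted IPs of every VM carrying all of required_tags."""
    return sorted(vm.ip for vm in inventory if required_tags <= vm.tags)


def resolve_policy(inventory, groups, policy):
    """Expand each rule's group names into the IPs they cover right now."""
    members = {name: resolve_members(inventory, tags) for name, tags in groups.items()}
    return [
        {"name": rule["name"], "action": rule["action"],
         "source_ips": members[rule["source"]],
         "destination_ips": members[rule["destination"]]}
        for rule in policy
    ]


def apply_vm_event(inventory, name, ip=None, tags=None):
    """Model a VM-monitoring event: a VM appears, moves IP or changes tags.
    Returns a new inventory; POLICY itself is left untouched."""
    current = next((vm for vm in inventory if vm.name == name), None)
    new_ip = ip if ip is not None else (current.ip if current else None)
    if new_ip is None:
        raise ValueError(f"new VM {name} needs an IP address")
    new_tags = tags if tags is not None else (current.tags if current else frozenset())
    updated = [vm for vm in inventory if vm.name != name]
    updated.append(VirtualMachine(name, new_ip, frozenset(new_tags)))
    return updated


if __name__ == "__main__":
    print("before:", resolve_policy(INVENTORY, GROUPS, POLICY)[0]["source_ips"])
    scaled = apply_vm_event(INVENTORY, "web-03", ip="10.10.1.13",
                            tags={"role:web", "env:prod"})
    print("after scale-out:", resolve_policy(scaled, GROUPS, POLICY)[0]["source_ips"])
```

Three events are worth trying against the model: a new prod web VM joins the source set without any rule edit, a VM that moves to a new IP is followed automatically, and a VM retagged to the dev environment drops out of the prod group. In each case the rule in `POLICY` is byte-for-byte unchanged; only the resolved membership differs, which is the lag the paragraph says these features eliminate.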

About This Blog

Network Technologies and Trends is a blog dedicated to all network professionals, consultants and networking certification aspirers. It aims to provide hands-on troubleshooting tips for most of the Cisco networking products, simple tips for the operation of Cisco routers and switches, as well as networking technology updates and reviews and sample configurations and templates for networking devices.